|
Boosting Europe's defences against cyber attacks |
|
|
European societies are increasingly dependent on electronic networks and information systems. Cybercrime covers new crimes specific to the Internet, such as attacks against information systems or phishing (fake bank websites to solicit passwords enabling access to victims' bank accounts). Computers are also used as criminal tools to commit more traditional crimes, such as fraud and the dissemination of illegal content, e.g. child sexual abuse material or incitements to violence on the Internet. A daily nuisance and potential threat  Whilst the value of the cybercriminal economy as a whole is not precisely known yet, the losses represent billions of euros per year. The scale of the problem is itself a threat to law enforcement response capability – with more than 150 000 viruses and other types of malicious code in circulation and a million people victims of cybercrime every day. Given the development of cyber crime in recent years, the Commission has designed a coordinated policy in close cooperation with EU States and the other EU institutions. The Commission Communication "Towards a general policy on the fight against cyber crime" sets out the main elements of this policy: increased law enforcement cooperation, public-private partnerships and international cooperation. Businesses have recently been targets of previously unknown large-scale and dangerous attacks. Similarly, an increased number of such attacks against governments has been observed, such as in Estonia in 2007 and in Lithuania in 2008. There is a tendency of organised crime to be more strongly associated with these attacks and new concerns have emerged, such as the massive spread of malicious software creating "botnets" - networks of infected computers that can be remotely controlled to stage large-scale coordinated attacks. Higher criminal sanctions To deal more efficiently with the growing number of large-scale and highly sophisticated cyber attacks, the Commission put forward in 2010 a proposal for a Directive on attacks against information systems. The main novelty of the proposal is the criminalisation of the use, production and sale of tools (now mostly known as "botnets") to commit attacks against information systems. The proposal is now being discussed in the European Parliament and the Council. Operational cooperation The Commission presented a Communication on a European Cybercrime Centre, to be established within Europol, on 28 March 2012. The proposed Centre is to act as the focal point in the fight against cybercrime in the Union and should have four core functions:
The full study report is available here. The participation of all relevant actors is crucial in the fight against cybercrime. Therefore, the Commission has stepped up dialogue with the private sector, which controls a large part of information infrastructures. Concrete recommendations concerning operational cooperation between police authorities and private operators have also been approved in 2008 and 2010. Better protection  Similarly to the "crime" aspects of cyber attacks, the "security" aspects are at the core of EU action. This is reflected, for instance, in the Commission's initiative on Critical Information Infrastructure Protection (CIIP), which highlighted the need to secure our information systems (COM(2009) 149 and its latest assessment COM(2011) 163). The European Network and Information Security Agency (ENISA) is involved in supporting exchanges of good practices between EU States. |
|